Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-dtxfpsha96
Target 87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe
SHA256 00c01408eacf4a80e0aa430448d70c4fcca2d1a63a294af3ef313e20897a1f6c
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10
SHA256 00c01408eacf4a80e0aa430448d70c4fcca2d1a63a294af3ef313e20897a1f6c

Threat Level: Likely malicious

The file 87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5186) files with added filename extension

Renames multiple (3515) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-08 03:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-08 03:18
Reported 2024-06-08 03:21
Platform win7-20231129-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3515) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2244-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


memory/2244-644-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-08 03:18
Reported 2024-06-08 03:21
Platform win10v2004-20240426-en
Max time kernel 149s
Max time network 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5186) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\87451851ac68c505cc4fefabeafaa6b0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp

Files

memory/3024-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


memory/3024-1926-0x0000000000400000-0x0000000000408000-memory.dmp